10 Defenses Against Smartphone Theft

Thieves see mobile phones as easy cash. Take these 10 steps to defend yourself.

10 Best Tablets Of 2013

(click image for larger view)

In major US cities, 30% to 40% of thefts involve mobile phones, according to the Federal Communications Commission. In some cities, the percentage is higher: In New York, it's over 40%, and in San Francisco, the figure is about 50%.

To help keep smartphone owners safe -- because some thefts have resulted in the injury or death of the victim -- New York Attorney General Eric Schneiderman and San Francisco District Attorney George Gascon are backing a Samsung proposal for an opt-out kill switch.

Samsung wants to include the Absolute LoJack software on all its phones so they can be rendered inoperable from afar. It ships the code as firmware in its Galaxy S4 and Galaxy Tab 3, so the security program can survive a factory reset.

Wireless carriers have rejected Samsung's proposal, citing the risk that hackers could find a way to disable people's phones. But according to the Associated Press, Samsung provided email evidence to the San Francisco District Attorney's office that Gascon said, "suggest[s] that the carriers are rejecting a technological solution so they can continue to shake down their customers for billions of dollars in (theft) insurance premiums."

Apple's iPhone employs its own software-based kill switch in the form of its Find My iPhone software. The company recently added its Activation Lock as part of iOS 7 to prevent Find My iPhone from being disabled, and introduced its Touch ID fingerprint sensor in the iPhone 5S to provide better security than the typical password.

Gascon and Schneiderman have recommended several actions individuals can take to mitigate the risk of "Apple picking," the perversely brand-specific term used to describe mobile phone theft. We at InformationWeek have a few recommendations of our own as well. Here are 10 ways in countdown order to avoid phone theft.

10) Use security applicationsAndroid phones and iPhones both come with security software. But that doesn't mean the software is active, or that third-party software might not help even more. If you have an Android phone, make sure you're using Android Device Manager or a third-party security software such as Lookout Security & Antivirus. If you have an iPhone, make sure Find My iPhone has been set up and activated.

9) Use a strong passwordToo many people just give up when it comes to passwords, access codes, and PINs. They pick something such as "password" or "qwerty" or "1234." Raise the level of your game: Come up with a functional password generation recipe, then apply it to your devices and websites. You don't need a password manager. This is not rocket science.

Here's one way to do it: Take the last letter in a website's domain or a device's manufacturer ("k" from "informationweek.com"), a punctuation mark ("?"), and a phrase, like lyrics from a song ("Here comes the sun," in the song of the same name by The Beatles, but capitalized). Then string them together in a pattern you can remember, replacing at least one vowel with a number, like the letter "o" with the number "0". The result is "k?HereC0mesTheSun?k" -- a reasonably strong password that will be different for most websites. Or develop your own system. Just make it memorable and commit to it.

8) Keep phone data handyWrite down your phone model number, serial number, and International Mobile Equipment Identifier (IMEI). If your phone gets stolen, you'll want these numbers (along with your mobile carrier's support phone number) to help your carrier place your IMEI number on the GSMA IMEI blacklist. You can find your IMEI number in most phone settings menus by dialing *#06#, or by checking the battery compartment, if accessible.

7) Be aware of your surroundingsWe've all seen them. People who meander down the sidewalk, staring at their phones, forcing others to take evasive action to avoid a collision. People chatting on phones oblivious to those nearby. People who set their phones down on cafe tables or on public transit seats. People who let their phones dangle from purse or pocket. Don't be one of these people.

6) React quickly if your phone is stolenReport the theft to the local police. This will allow police to check websites that might be trying to unload your stolen phone and will provide you with a police report in case you want to make an insurance claim. Report the theft to your mobile carrier, so your phone service can be suspended and the phone's identifier can be blacklisted. Activate any applicable security software such as Find My iPhone or Lookout. You might also want to change your phone and app passwords, in case the thief was able to login and access some of the services you use through stored passwords. If you're really lucky, your phone's security software will help you recover your device.

In August, the FBI and DHS issued a report that found 79% of mobile malware affected Android devices, 19% affected Symbian devices, and less than 1% affected BlackBerry, iOS, or Windows Phone devices. Android's troubles largely arise from the fact that as many as 44% of Android users worldwide rely on Android versions 2.3.3 to 2.3.7, which have known vulnerabilities. So although it's possible to run Android securely, it requires more diligence. Choose BlackBerry, iOS, or Windows Phone if you don't want to be proactive about security. Choose Android if you require the flexibility of a more-open ecosystem and are comfortable with the responsibility.

4) Choose your WiFi network carefullyJust because a WiFi network is visible and accessible doesn't mean it's safe. Use secure WiFi networks when possible. When there's no other option, avoid doing anything that involves authentication if you can. You never know who might be listening or intercepting unprotected network traffic.

3) Choose your apps and websites carefullyUser behavior represents a major source of insecurity. If you can avoid downloading sketchy apps and visiting suspect websites, you will reduce your chances of acquiring malware. Security firm Trend Micro says it has analyzed 3.7 million Android apps and updates, and found 18% to be malicious, with an additional 13% categorized as high risk. Almost half of the malicious apps (46%) were acquired from Google Play, the company says.

2) Don't buy phone insuranceIf the mobile carriers really are fighting pre-installed security software to sustain revenue from insurance premiums, you can fight back by refusing to participate. Carrying your expensive smartphone without an insurance net should also encourage you to guard your phone more carefully. Of course, you'll be wishing you had insurance when your phone slips from your pocket and fracture lines spread across the touchscreen...

1) Leave your phone at homeIt's easier said than done. But you can't lose what you don't have. Shocking though it may be, people used to get by without mobile phones. Try it once in while, if only to highlight your device addiction.

Making decisions based on flashy macro trends while ignoring "little data" fundamentals is a recipe for failure. Also in the new, all-digital Blinded By Big Data issue of InformationWeek: How Coke Bottling's CIO manages mobile strategy. (Free registration required.)

"It's easier said than done. But you can't lose what you don't have. Shocking though it may be, people used to get by without mobile phones. Try it once in while, if only to highlight your device addiction."

Everyone should try this at least a week in your life. Not only it will be a week with no worries about your phone being stolen but also you will learn about the degree of dependency you have with your phone.

You will discover new ways of getting around without looking at your screen, and you may actually enjoy not being reachable once in a while. :D

I agree with most of these tips but the one about not buying phone insurance doesnt make sence to me. Just because someone doesn't get the insurance is going to mean they take care of it better? I would love to see a study on that.

I generally dont buy phone insurance because I am careful with my phone and so far I have been good. my daughters phone is a different story. She has broken more than a few so it's worth it. But for something that helps protect it from getting stolen? I dont see it.

Considering pepole have used laptop LoJack and similar software to spy on people in private situations (including law enforcement and the people at the company themselves), I think I'd rather just have to buy a new phone.

"7) Be aware of your surroundingsWe've all seen them. People who meander down the sidewalk, staring at their phones, forcing others to take evasive action to avoid a collision."

This is one of the most important ones imo, ive seen people with no idea what's happening around them practically begging to have that multi-hundred dollar device snatched from them. There's a few videos about of CCTV of kids on bikes stealing and riding off before the victim knows what's happened practically.

I guess its matter of week or two, i forgot my phone at home and left for office, suddenly in mid way i realized, unfortunately i travelled 8 KMs to get my phone above this it had some 15 missed calls including few of my BOSS...This point is really hard to consider.

@Thomas & J_BrandtWhat a great set of ideas!In a sense, my present PC is almost "disposable," in that I have very, very few programs installed on it, and I use mostly a subset of the programs offered by Windows 7. Everything interesting or new is accessed via browser on the cloud. If the machine was totally wiped out by a virus, I wouldn't have much more to do than re-install windows. Compare that to a few years ago when I'd have to spend hours and hours of misrery re-installing a bunch of feisty, tricky programs from CDs, and then waiting overnight until they are updated over the internet.Certainly, it's to be hoped that smartphones follow a similar path

As I recall, IBM envisioned some time ago the personal body network. Between your smart phone, blue tooth ear piece, smart watch, and Google Glasses it's a start on that. Perhaps we will add the ring, belt bucking and other things.

> more of the overall expense of using these these devices will be in various subscriptions to different online services and programs, and less and less in the physical device itself...

I suspect that's true. Within a decade, I expect someone (Google or a startup?) in the cloud data business will find a way to make a basically disposable, biodegradeable mobile phone. Another way to do it would be to store important user data in some object that's less easy to lose (a Bluetooth-enabled ring or belt buckle chip) and to pass it to the phone wirelessly as needed.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.